Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
mohan_1105
Partner - Creator III
Partner - Creator III

Sheet Level Section Access isn't working

Hello Qliker's,

I'm trying to implement the sheet level section access to the application published on our client server. I created the security rule having the logic sheets name like "ZSM" shall only be displayed to the certain group and other shall view the sheets which doesn't have the sheet name like "ZSM".

I applied the following rule which isn't successful. Please review my security rule below,

((resource.id="App ID") and (user.@User_Type="Restricted User" and resource.name like "ZSM") or (user.@User_Type="Users" or resource.name!="Customer Analysis - ZSM" and resource.name!="Customer Details - ZSM" and resource.name!="Dashboard - ZSM" and resource.name!="Order Analysis - ZSM" and resource.name!="Target Analysis - ZSM"))

Please help, kindly help if I should follow any other steps in security rule.

Best Regards,

Mohan

1 Solution

Accepted Solutions
suhasinigm
Partner - Contributor III
Partner - Contributor III

Hi Mohan,

I think U have created only one Custom Property User_Type?.

1. Create a Custom Property User_Type with User and Stream as resource type.

and values will be Restricted_User and Unrestriceted_User.


Stream level User Access Rule will be:

((user.@User_Type=resource.@User_Type)).

2.Then Create a Custom Property AppLevelManagement with User and App as Resource Type.

and values will be Restricted and Unrestriceted.


First Disable the Default stream Rule ,then create new security rule for App.

((user.@AppLevelManagment=resource.@AppLevelManagment)).

Please make sure for users,streams and applications associated with the respective custom property.



,2018-02-10 13_39_35-Greenshot.png

View solution in original post

26 Replies
dionverbeke
Luminary Alumni
Luminary Alumni

Did you disable the rule that gives access to the sheet if you have access to the stream?

Remember that Qlik is a positive security system: once you have access you have access...

Below a way to do it. There are other ways:

How to disable the generic rule:

1.Go on the QMC

2.Open the Security Rules section in the QMC.

3.Select the default generic rule called Stream. As explained before, this rule allows users to access all Streams.

4.After selecting this rule, tick the case “Disabled”.



UnRestrictedclient:


((resource.resourcetype = "App“and resource.stream.HasPrivilege("read"))

or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel")

and resource.app.stream.HasPrivilege("read")))

and user.userDirectory != “RESTRICTEDCLIENT"

RestrictedClient:

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read"))

or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read") and (resource.name != “RESTRICTEDSHEET") and user.userDirectory = “RESTRICTEDCLIENT")

Kind Regards,

mohan_1105
Partner - Creator III
Partner - Creator III
Author

Hi Dion,

Thanks for your time.


I recreated the rule as you suggested in RestrictedClient. The rule is working as expected. But I the restricted user couldn't able to view the charts which are on the dashboard already.


Also, Kindly verify my Resource filter and Actions shown below.


Capture.JPG


Below is the rule I wrote as suggested. 


(resource.resourcetype = "App" and resource.stream.HasPrivilege("read"))

or

((resource.resourcetype = "App.Object" and resource.published ="true" andresource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read") and (resource.name LIKE*ZSM") and user.@User_Type="Restricted User")

or

((resource.resourcetype = "App.Object" and resource.published ="true" andresource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read") and (resource.name !=*ZSM") and user.@User_Type="User")


Best Regards,

Mohan

suhasinigm
Partner - Contributor III
Partner - Contributor III

Hi Mohan,

I also faced the same issue ,

Inst-ed of writing 3 rules i wrote the below two separate rules for two groups :

Sheet Level:

Rule1: DomianGroup

Resource Filter:App.Object_*

((user.@Group="Domain" and resource.name="ZSM"))


Rule2: GlobalGroup

Resource Filter:App.Object_*

((user.@Group="Global" and resource.name!="ZSM"))


I hope it will solve your problem.

mohan_1105
Partner - Creator III
Partner - Creator III
Author

Hi Suhasini,

I disabled all the rules I created before for sheet level access and created the rule as you suggested. I wouldn't able to find the application in the stream.

Could you suggest what can be done after?

suhasinigm
Partner - Contributor III
Partner - Contributor III

Hi Mohan ,

Is  Application level Management working correct?,

have you assigned the  application level custom property to Users.

mohan_1105
Partner - Creator III
Partner - Creator III
Author

Hi,

Yeah, I have assigned the custom properties to all the users allocated.

Just the clarification, in the rule, you mentioned user.@Group is the customer prroperty you were mentioning right?

suhasinigm
Partner - Contributor III
Partner - Contributor III

Hi Mohan,

Group is a custom property with User and stream resource type.

mohan_1105
Partner - Creator III
Partner - Creator III
Author

Hi,

Could you tell me, how do I check the app level management is working?

suhasinigm
Partner - Contributor III
Partner - Contributor III

Hi Mohan,

please refer this post till 9th step for Application Level Management.

Sheet or App Object Level Security Qlik Sense